Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education"

Transcription

1 Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information Security Management Act November 17, 2015 Chairman Chaffetz, Ranking Member Cummings, and members of the Committee, thank you for the opportunity to appear before you today. As the Chief Information Officer for the Department of Education (ED), I am committed to ensuring we have an effective cybersecurity system in place that includes strong controls. ED continuously monitors and evaluates its posture for opportunities to minimize risk and exposure as we work to improve our current systems and processes. While ED has made significant progress over the last several years in strengthening the overall cybersecurity program, we are not satisfied and have plans to continue to increase the security of ED s systems. Before I dive into the specifics of our evolution, I wanted to provide brief organizational context that will assist our discussion today. Background ED is organized under one Department level CIO, a role that I have been serving in since The Department level CIO manages all core IT functions including but not limited to IT Operations, Cybersecurity, Enterprise Architecture, and IT Investment Management. The Office of Federal Student Aid (FSA), also appoints a separate CIO. While the Department level CIO is ultimately accountable for the IT Portfolio in totality, FSA maintains independent operational responsibility for its portfolio. I work closely with FSA and consult with them on a regular basis. The FSA enterprise includes major mission systems that support student facing and public services. A few examples include the commonly known Free Application for Federal Student Aid (FAFSA) and StudentAid.gov. 1

2 The FSA CIO reports to the FSA Chief Operating Officer (COO) and does not report to the Departmental CIO. During my more than seven years as the Department s CIO, I ve worked closely with leadership in FSA to ensure that IT Management integrates with the Department s IT systems. I ve performed these functions while honoring ED s implementation of the PBO statute. As it stands, my involvement includes oversight and review of FSA IT management activities and review of FSA s budget requests without interfering with FSA s ability to execute its very important operational mission. As required by the Federal IT Acquisition Reform Act (FITARA), we will work to integrate Departmental CIO approvals of FSA as it continues to focus on its critical operations. In FY 2012, OCIO and FSA established continuous monitoring programs to assess the security state of information systems in the Department s two distinct environments, the Department s Education Department Utility for Communications, Applications, and Technology Environment (EDUCATE) system and FSA s Virtual Data Center (VDC) system. To comply with the Office of Management and Budget (OMB) policy, FISMA requirements and applicable National Institute of Standards and Technology (NIST) standards, OCIO and FSA adopted and implemented automated scanning and detection tools to collect, analyze, and report on securityrelated risks, issues and threats to the Department s information systems and data. The implementation of these continuous monitoring programs was done prior to the Department s participation in the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program. This is significant because the Department was one of the early adopters of CDM capabilities. In FY 2015, the Department implemented the core Continuous Monitoring technologies that enable the DHS CDM Phase 1 capabilities of hardware and software management, asset management, vulnerability management, and configuration management. These capabilities further strengthen our cyber security posture. 2

3 The Federal Information Security Management Act (FISMA) Under FISMA of 2002, and its subsequent update in 2014, each year the Department s Office of Inspector General (OIG) conducts an independent evaluation of the Department s overall information technology security program and practices to determine compliance with FISMA requirements. OIG reviews ten (10) metric areas using questions and reporting metrics that DHS provides for each annual review. Since FY2012, the Department, through the actions of the Office of the Chief Information Officer (OCIO) and FSA, continues to address noted deficiencies through corrective actions, and we are continuously working to improve our performance. We ve continued our progress in upgrading our performance and in the FY 2013 FISMA Audit the Department achieved compliance in four (4) metric areas. OIG acknowledged that OCIO had updated identity and access management policies to (1) identify all devices that attach to the network, (2) distinguish devices from users, and (3) authenticate devices that connect to the network consistent with FISMA and NIST guidance. The Department began the implementation of network access control (NAC), data loss prevention (DLP), and other continuous monitoring and diagnostic tools. Additionally, the OCIO moved from a managed service provider to an in-house security operations center (SOC). The SOC allows real-time threat detection and tracking, comprehensive reporting of security events and incidents, vulnerability identification and trending, and incident and remediation tracking. As a result, ED has gained better situational awareness of the network environment and is able to respond more rapidly to network and host-based events. In FY 2014, the Department was deemed compliant in four (4) metric areas. Specifically, the Department established compliant programs for enterprise-wide continuous monitoring, security awareness training, tracking and monitoring known information security weaknesses, overseeing systems operated on its behalf by contractors or other entities, and security capital planning and investments. As part of the FY 2014 work, the OIG conducted penetration and vulnerability testing of 3

4 a major FSA system and noted that, compared with organizations of similar size, the contractor supporting the system was performing a satisfactory job in ensuring that the patches and security configurations of the servers were met. The Department initiated and completed several activities to improve information security practices in response to and support of the FY 2014 FISMA Audit findings and recommendations. Beginning in May of this year, we implemented three major initiatives over the course of three months. In May 2015, FSA implemented a new student identification system as part of FSA s Enterprise Identity Management Program (EIMP). FSA s EIMP centralizes all access and identity management functions for non-privileged users and is focused on more efficient and secure provisioning and access management for FSA systems for both privileged and non-privileged users. The Person Authentication Service (PAS) addresses significant former vulnerabilities in the previous FSA PIN system, specifically no longer allowing users to use their social security numbers. In June 2015, the Department implemented a new Security Operations management system (SecOps) to provide an integrated system to allow joint management of Incident Response. The system capabilities allow for OCIO to respond more quickly to security incidents. In July 2015, a two-factor authentication solution for accessing remotely from personally owned desktop or laptop computers and personal mobile devices replaced the previous username and password authentication method, satisfying IG recommendations to strengthen the integrity of the system. This solution meets strong authentication mandates defined by OMB. OCIO also provided significant dedicated support to OMB s Cybersecurity Sprint interagency working group, created in response to major security breaches in the Federal government. The Department worked with DHS and OMB to develop the 4

5 new Federal Cyber Incident Response best practices. The Department has actively worked to address the focus areas of the Cyber Sprint by completing the review and identification of the Department s high-value assets, completing the indicators of compromise network scan, mitigating critical vulnerabilities identified through the DHS Critical Vulnerability Report, and reviewing and appropriately restricting privileged user access. OCIO and FSA developed implementation plans to increase the issuance of personal identity verification (PIV) cards to meet the requirements of strong authentication, especially for privileged users. The OCIO completed implementation of the OCIO plan this September and FSA completion is scheduled for December OIG FISMA Audit OIG s objective for the FY 2015 FISMA Audit changed from a compliance-based auditing approach to a focus on general effectiveness. Under this objective, OIG was to determine whether the Departments overall information technology security programs and practices were generally effective as they relate to Federal information security requirements. The effectiveness of the Department s security controls is based on the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the information system in its operational environment. OIG found that the Department has made progress in strengthening its information security program, with five of ten reporting metrics noted as generally effective. No conclusion was provided for one metric, Contractor Systems, as the Department relies almost exclusively on contractors to operate its systems, and all of the FISMA aspects of IT security management included in their report implicitly addressed issues on the Department s contractor oversight. The OIG determined the Department was not generally effective in four areas: Continuous Monitoring 5

6 Configuration Management Incident Response and Reporting, and Remote Access In response, we are actively engaged in implementing solutions to address these areas. Continuous Monitoring Specifically, to meet the requirements of OMB for implementing continuous monitoring controls by FY 2017, the Department has developed an Information Security Continuous Monitoring (ISCM) implementation plan and is actively engaged with DHS through the CDM program to obtain continuous monitoring solutions to enhance the program as part of Task Order 2. Although we were assessed at level 1 of the Council of Inspectors General on Integrity and Efficiency s ISCM maturity model, OIG acknowledged that some of the level 2 activities were met as well. Configuration Management Configuration management activities for FY 2016 include continuing the implementation of the Network Access Control (NAC) solution to restrict access for users and devices, strengthening the Department s patch and vulnerability management program, and prioritizing and updating policies and procedures to meet Federal configuration management requirements. Additionally, participation in enterprise-wide asset management activities through the DHS CDM project will strengthen our configuration management program and allow greater visibility into the assets maintained by the Department. Incident Response and Reporting For incident response and reporting, the Department is utilizing additional capabilities to identify and block web attacks. The next phases of the Data Loss Prevention (DLP) project scheduled for early FY 2016 will provide greater ability to detect incidents. The Department will also identify gaps in ensuring that the 6

7 security capabilities provide full network coverage and determine methods to close those gaps. Remote Access To address weaknesses noted in remote access, the Department continues to consolidate and standardize the remote access solutions currently in use. This will allow for increased consistency in the implementation of controls across the remaining solutions. Lastly, FSA continues the implementation of two-factor authentication requirements to include two-factor enablement on their remote connections. Participation in Department of Homeland Security programs Finally, the Department participates in and utilizes many DHS programs and services to enhance our security program. As stated earlier, the Department is actively participating in the DHS continuous diagnostics and monitoring program, obtaining tools and services to support and enhance existing continuous monitoring activities. We rely on US-CERT information sharing services to provide early warning notices of compromise activity that the Department needs to include in intrusion monitoring. The Department utilizes DHS scanning and risk assessment services to measure the overall cyber health and hygiene of our cyber environment. Department employees utilize DHS training and education programs, to include general user security awareness training and security role-based courses, to support their cybersecurity roles and meet Federal training requirements. Continuing to utilize these and other services that DHS has to offer including the EINSTEIN program - is important to the Department as we continue to improve the security of our networks and systems, and provide security guidance and training to our employees. Conclusion Thank you again for the opportunity to testify today and provide you with specifics on the work of the Department and our plans to continue to improve the security of our systems, processes and procedures. I would be pleased to answer any questions. 7

8 Danny A. Harris, PhD, Deputy Chief Financial Officer Dr. Danny Harris is a 20+ year information technology and financial management veteran of the US Department of Education. Dr. Harris became the Deputy Chief Financial Officer, Office of the Chief Financial Officer, US Department of Education on December 12, He supports the CFO in overseeing financial management, internal control and audit resolution, financial systems, contracts and procurement, and grants policy issues. Dr. Harris oversees the development and maintenance of an integrated financial management system and the business functions supported by this platform. He manages staff responsible for ensuring Department funds are spent appropriately, and staff responsible for the Department's daily financial operations. Prior to becoming Deputy CFO, Dr. Harris served as Director, Financial Systems Operations, Office of the Chief Financial Officer, US Department of Education since September He managed the Department's multi-million dollar integrated Federal Financial Management Platform called Education's Central Automated Processing Systems (EDCAPS). The EDCAPS system incorporates five of the Department's most mission critical applications (Contracts and Purchasing, Grant Award and Payments, Accounting/General Ledger, Travel Manager, and Promissory Note business functions). Previously, Dr. Harris was Acting Director of Financial Management Operations (FMO), managing the flow of data to the Department's more that 200 appropriations, and responsible for the timely submission of standard federal reports and administering the SGL and department-specific accounting policies and procedures. (Sept Mar. 1999) Dr. Harris began his career at the US Department of Education as a computer analyst. He since moved on to the Secretary's Office working as a Policy Analyst, coordinating IT and other activities for the Secretary and Deputy Secretary surrounding significant Education policy issues. Dr. Harris has served on the Board of Advisors for the Information Technology (IT) Department at the College of Southern Maryland from 1994 present. He is also currently an adjunct professor at Howard University, teaching courses in Computer Technology. Prior to his tenure at Howard University, he taught undergraduate and graduate courses at George Mason University, in disciplines such as Organizational Communications Management, Research Methodology and Design. Born in New Jersey and raised in North Carolina, Harris holds a B.A. in Communications from North Carolina A&T State University, and an M.A. and PhD. in Organizational Management from Howard University.

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE

More information

NASA OFFICE OF INSPECTOR GENERAL

NASA OFFICE OF INSPECTOR GENERAL NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)

More information

Audit of the Board s Information Security Program

Audit of the Board s Information Security Program Board of Governors of the Federal Reserve System Audit of the Board s Information Security Program Office of Inspector General November 2011 November 14, 2011 Board of Governors of the Federal Reserve

More information

Office of the Inspector General United States Office of Personnel Management. Statement of Michael R. Esser Assistant Inspector General for Audits

Office of the Inspector General United States Office of Personnel Management. Statement of Michael R. Esser Assistant Inspector General for Audits Office of the Inspector General United States Office of Personnel Management Statement of Michael R. Esser Assistant Inspector General for Audits before the Committee on Appropriations United States Senate

More information

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security. Deputy Chief Financial Officer Peggy Sherry And Chief Information Security Officer Robert West U.S. Department of Homeland Security Testimony Before the Subcommittee on Government Organization, Efficiency

More information

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12 Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 FINAL AUDIT REPORT

The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 FINAL AUDIT REPORT The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 FINAL AUDIT REPORT ED-OIG/A11N0001 November 2013 Our mission is to promote

More information

The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014 FINAL AUDIT REPORT

The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014 FINAL AUDIT REPORT The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014 FINAL AUDIT REPORT This report has been reviewed for public dissemination

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR

More information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department

More information

Cybersecurity Briefing

Cybersecurity Briefing Cybersecurity Briefing November 18, 2015 Agenda Cybersecurity FITARA Implementation Accomplishments BIA and BIE services and performance Priorities Next steps 2 Background on the OPM/DOI incident DOI has

More information

POSTAL REGULATORY COMMISSION

POSTAL REGULATORY COMMISSION POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1

More information

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.

More information

Audit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013

Audit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 Audit Report The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 A-14-13-13086 November 2013 MEMORANDUM Date: November 26,

More information

Department of Homeland Security

Department of Homeland Security Evaluation of DHS Information Security Program for Fiscal Year 2013 OIG-14-09 November 2013 Washington, DC 20528 / www.oig.dhs.gov November 21, 2013 MEMORANDUM FOR: FROM: SUBJECT: Jeffrey Eisensmith Chief

More information

NARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014

NARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014 NARA s Information Security Program OIG Audit Report No. 15-01 October 27, 2014 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit Results... 8 Appendix

More information

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

More information

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness United States Government Accountability Office Report to Congressional Committees September 2013 FEDERAL INFORMATION SECURITY Mixed Progress in Implementing Program Components; Improved Metrics Needed

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

Evaluation of DHS' Information Security Program for Fiscal Year 2014

Evaluation of DHS' Information Security Program for Fiscal Year 2014 Evaluation of DHS' Information Security Program for Fiscal Year 2014 December 12, 2014 HIGHLIGHTS Evaluation of DHS Information Security Program for Fiscal Year 2014 December 12, 2014 Why We Did This We

More information

Testimony of Danny Harris, Chief Information Officer U.S. Department of Education

Testimony of Danny Harris, Chief Information Officer U.S. Department of Education Testimony of Danny Harris, Chief Information Officer U.S. Department of Education Before the U.S. House of Representatives Committee on Oversight and Government Reform U.S. Department of Education: Investigation

More information

Evaluation of DHS' Information Security Program for Fiscal Year 2015

Evaluation of DHS' Information Security Program for Fiscal Year 2015 Evaluation of DHS' Information Security Program for Fiscal Year 2015 January 5, 2016 OIG-16-08 (Revised) DHS OIG HIGHLIGHTS Evaluation of DHS Information Security Program for Fiscal Year 2015 January 5,

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2014 May 19, 2015 14-01820-355 ACRONYMS CRISP

More information

UNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation

UNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation Memorandum UNITED STATES COMMISSION ON CIVIL RIGHTS Date: November 15, 2012 To: From: Subject: The Honorable Commissioners Frances Garcia, Inspector General Fiscal Year 2012 Federal Information Security

More information

NUMBER OF MATERIAL WEAKNESSES

NUMBER OF MATERIAL WEAKNESSES APPENDIX A: PERFORMANCE AND RESOURCE TABLES MANAGEMENT DISCUSSION AND ANALYSIS MANAGEMENT CONTROLS FEDERAL MANAGER S FINANCIAL INTEGRITY ACT (FMFIA) OF 1982 D uring FY 2005, the Department reviewed its

More information

2014 Audit of the CFPB s Information Security Program

2014 Audit of the CFPB s Information Security Program O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-C-020 2014 Audit of the CFPB s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL

More information

Report of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.

Report of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act. OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s Evaluation of the Farm Compliance Credit Administration s with the Federal Information

More information

2014 Audit of the Board s Information Security Program

2014 Audit of the Board s Information Security Program O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL

More information

The U.S. Department of Education s Federal Information Security Modernization Act of 2014 Report For Fiscal Year 2015 FINAL AUDIT REPORT

The U.S. Department of Education s Federal Information Security Modernization Act of 2014 Report For Fiscal Year 2015 FINAL AUDIT REPORT The U.S. Department of Education s Federal Information Security Modernization Act of 2014 Report For Fiscal Year 2015 FINAL AUDIT REPORT ED-OIG/A11P0001 November 13, 2015 Our mission is to promote the

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

NASA FACES SIGNIFICANT CHALLENGES IN TRANSITIONING TO A CONTINUOUS MONITORING APPROACH FOR ITS INFORMATION TECHNOLOGY SYSTEMS

NASA FACES SIGNIFICANT CHALLENGES IN TRANSITIONING TO A CONTINUOUS MONITORING APPROACH FOR ITS INFORMATION TECHNOLOGY SYSTEMS DECEMBER 5, 2011 AUDIT REPORT OFFICE OF AUDITS NASA FACES SIGNIFICANT CHALLENGES IN TRANSITIONING TO A CONTINUOUS MONITORING APPROACH FOR ITS INFORMATION TECHNOLOGY SYSTEMS OFFICE OF INSPECTOR GENERAL

More information

Office of the Assistant Secretary for Administration and Management Washington, D.C. 20210. ELLIOT P. LEWIS Assistant Inspector General for Audit

Office of the Assistant Secretary for Administration and Management Washington, D.C. 20210. ELLIOT P. LEWIS Assistant Inspector General for Audit U.S. Department of Labor Office of the Assistant Secretary for Administration and Management Washington, D.C. 20210 AUG 1 4 2015 MEMORANDUM FOR: FROM: SUBJECT: ELLIOT P. LEWIS Assistant Inspector General

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Modernization Act Audit for Fiscal Year 2015 March 15, 2016 15-01957-100 ACRONYMS

More information

United States Department of Agriculture. Office of Inspector General

United States Department of Agriculture. Office of Inspector General United States Department of Agriculture Office of Inspector General U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2013 Federal Information Security Management Act

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

FY 2015 Inspector General Federal Information Security Modernization Act Reporting Metrics V1.2

FY 2015 Inspector General Federal Information Security Modernization Act Reporting Metrics V1.2 FY 2015 Inspector General Federal Information Security Modernization Act Reporting Metrics V1.2 Prepared by: U.S. Department of Homeland Security Office of Cybersecurity and Communications Federal Network

More information

Audit of the Department of State Information Security Program

Audit of the Department of State Information Security Program UNITED STATES DEPARTMENT OF STATE AND THE BROADCASTING BOARD OF GOVERNORS OFFICE OF INSPECTOR GENERAL AUD-IT-15-17 Office of Audits October 2014 Audit of the Department of State Information Security Program

More information

STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT ORGANIZATION,

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Evaluation Report The Department's Unclassified Cyber Security Program 2011 DOE/IG-0856 October 2011 Department of

More information

FY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics V1.0

FY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics V1.0 FY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics V1.0 June 20, 2016 Document History Version Date Comments Sec/Page 1.0 19 June 2016 Aligned questions

More information

Final Audit Report. Federal Information Security Modernization Act Audit FY 2015. Report Number 4A-CI-00-15-011 November 10, 2015

Final Audit Report. Federal Information Security Modernization Act Audit FY 2015. Report Number 4A-CI-00-15-011 November 10, 2015 U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Federal Information Security Modernization Act Audit FY 2015 Report Number 4A-CI-00-15-011 November

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Evaluation of DHS' Information Security Program for Fiscal Year 2015

Evaluation of DHS' Information Security Program for Fiscal Year 2015 Evaluation of DHS' Information Security Program for Fiscal Year 2015 November 13, 2015 OIG-16-08 DHS OIG HIGHLIGHTS Evaluation of DHS Information Security Program for Fiscal Year 2015 November 13, 2015

More information

STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY U.S. HOUSE OF REPRESENTATIVES

More information

OFFICE OF INSPECTOR GENERAL

OFFICE OF INSPECTOR GENERAL U.S. CONSUMER PRODUCT SAFTEY COMMISSION OFFICE OF INSPECTOR GENERAL FY 2014 FEDERAL INFORMATION SECURITY MANAGEMENT ACT REVIEW REPORT Issued: 11/14/2014 This report conveys the results of the OIG s review

More information

Vulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011

Vulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011 O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Vulnerability Management Information Technology Audit For the Period July 2010 to July 2011 May 22, 2012 Report

More information

EVALUATION REPORT. The Department of Energy's Unclassified Cybersecurity Program 2014

EVALUATION REPORT. The Department of Energy's Unclassified Cybersecurity Program 2014 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections EVALUATION REPORT The Department of Energy's Unclassified Cybersecurity Program 2014 DOE/IG-0925 October 2014 Department

More information

FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0

FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0 FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0 Prepared by: US Department of Homeland Security Office of Cybersecurity and Communications Federal Network

More information

AUDIT OF NASA S EFFORTS TO CONTINUOUSLY MONITOR CRITICAL INFORMATION TECHNOLOGY SECURITY CONTROLS

AUDIT OF NASA S EFFORTS TO CONTINUOUSLY MONITOR CRITICAL INFORMATION TECHNOLOGY SECURITY CONTROLS SEPTEMBER 14, 2010 AUDIT REPORT OFFICE OF AUDITS AUDIT OF NASA S EFFORTS TO CONTINUOUSLY MONITOR CRITICAL INFORMATION TECHNOLOGY SECURITY CONTROLS OFFICE OF INSPECTOR GENERAL National Aeronautics and Space

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

REVIEW OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2015

REVIEW OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2015 Department of Health and Human Services OFFICE OF INSPECTOR GENERAL REVIEW OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR

More information

TESTIMONY OF STEVE COOPER DEPARTMENT OF COMMERCE CHIEF INFORMATION OFFICER BEFORE THE SUBCOMMITTEES ON

TESTIMONY OF STEVE COOPER DEPARTMENT OF COMMERCE CHIEF INFORMATION OFFICER BEFORE THE SUBCOMMITTEES ON TESTIMONY OF STEVE COOPER DEPARTMENT OF COMMERCE CHIEF INFORMATION OFFICER BEFORE THE SUBCOMMITTEES ON INFORMATION TECHNOLOGY AND ON GOVERNMENT OPERATIONS OF THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

More information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department

More information

STATEMENT OF MARK A.S. HOUSE OF REPRESENTATIVES

STATEMENT OF MARK A.S. HOUSE OF REPRESENTATIVES STATEMENT OF MARK A. FORMAN ASSOCIATE DIRECTOR FOR INFORMATION TECHNOLOGY AND ELECTRONIC GOVERNMENT OFFICE OF MANAGEMENT AND BUDGET BEFORE THE COMMITTEE ON GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT

More information

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including

More information

ClOP CHAPTER 1351.39. Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

ClOP CHAPTER 1351.39. Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1 ClOP CHAPTER 1351.39 Departmental Information Technology Governance Policy TABLE OF CONTENTS Section 39.1 Purpose... 1 Section 39.2 Section 39.3 Section 39.4 Section 39.5 Section 39.6 Section 39.7 Section

More information

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS SMG 1117.2111 FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS OFFICE OF INFORMATION MANAGEMENT AND TECHNOLOGY OFFICE OF INFORMATION MANAGEMENT

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required for DHS Networks (Redacted) Notice: The Department of Homeland Security, Office of Inspector General, has redacted

More information

Information Security Series: Security Practices. Integrated Contract Management System

Information Security Series: Security Practices. Integrated Contract Management System OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Information Security Series: Security Practices Integrated Contract Management System Report No. 2006-P-00010 January 31,

More information

Final Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2012. Report No. 4A-CI-00-12-016

Final Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2012. Report No. 4A-CI-00-12-016 U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2012 Report No. 4A-CI-00-12-016 Date:

More information

AUDIT REPORT. The Energy Information Administration s Information Technology Program

AUDIT REPORT. The Energy Information Administration s Information Technology Program U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Energy Information Administration s Information Technology Program DOE-OIG-16-04 November 2015 Department

More information

INFORMATION SECURITY Department of Education and Other Federal Agencies Need to Better Implement Controls

INFORMATION SECURITY Department of Education and Other Federal Agencies Need to Better Implement Controls United States Government Accountability Office Testimony Before the Committee on Oversight and Government Reform, House of Representatives For Release on Delivery Expected at 10:00 a.m. ET Tuesday, November

More information

SECURITY WEAKNESSES IN DOT S COMMON OPERATING ENVIRONMENT EXPOSE ITS SYSTEMS AND DATA TO COMPROMISE

SECURITY WEAKNESSES IN DOT S COMMON OPERATING ENVIRONMENT EXPOSE ITS SYSTEMS AND DATA TO COMPROMISE FOR OFFICIAL USE ONLY SECURITY WEAKNESSES IN DOT S COMMON OPERATING ENVIRONMENT EXPOSE ITS SYSTEMS AND DATA TO COMPROMISE Department of Transportation Report No. FI-2013-123 Date Issued: September 10,

More information

REVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013

REVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013 Department of Health and Human Services OFFICE OF INSPECTOR GENERAL REVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013 Inquiries about this report may be addressed

More information

Final Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2013. Report No. 4A-CI-00-13-021. Date:

Final Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2013. Report No. 4A-CI-00-13-021. Date: U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2013 Report No. 4A-CI-00-13-021 Date:

More information

Department of Veterans Affairs VA Handbook 6500. Information Security Program

Department of Veterans Affairs VA Handbook 6500. Information Security Program Department of Veterans Affairs VA Handbook 6500 Washington, DC 20420 Transmittal Sheet September 18, 2007 Information Security Program 1. REASON FOR ISSUE: To provide specific procedures and establish

More information

U.S. DEPARTMENT OF THE INTERIOR OFFICE OF INSPECTOR GENERAL Verification of Previous Office of Inspector General Recommendations September 2009

U.S. DEPARTMENT OF THE INTERIOR OFFICE OF INSPECTOR GENERAL Verification of Previous Office of Inspector General Recommendations September 2009 U.S. DEPARTMENT OF THE INTERIOR OFFICE OF INSPECTOR GENERAL Verification of Previous Office of Inspector General Recommendations September 2009 ISD-EV-MOA-0002-2009 Contents Acronyms and Other Reference

More information

INTERNATIONAL TRADE ADMINISTRATION Improvements Are Needed to Strengthen ITA s Information Technology Security Program

INTERNATIONAL TRADE ADMINISTRATION Improvements Are Needed to Strengthen ITA s Information Technology Security Program INTERNATIONAL TRADE ADMINISTRATION Improvements Are Needed to Strengthen ITA s Information Technology Security Program FINAL REPORT NO. OIG-12-037-A SEPTEMBER 27, 2012 U.S. Department of Commerce Office

More information

Chief Information Officer

Chief Information Officer Chief Information Officer Section Report 2011 Annual FISMA Report Social Security Administration Section 1: System Inventory 1. For each of the FIPS 199 system categorized impact levels in this question,

More information

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503. October 30, 2015

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503. October 30, 2015 EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 October 30, 2015 Executive Summary Strengthening the cybersecurity of Federal networks, systems, and data is one

More information

Addressing FISMA Assessment Requirements

Addressing FISMA Assessment Requirements SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

Office of Inspector General Audit Report

Office of Inspector General Audit Report Office of Inspector General Audit Report USMMA SECURITY CONTROLS WERE NOT SUFFICIENT TO PROTECT SENSITIVE DATA FROM UNAUTHORIZED ACCESS Maritime Administration Report Number: FI-2012-138 Date Issued: May

More information

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

U.S. Department of Labor

U.S. Department of Labor U.S. Department of Labor Office of Inspector General Washington, D.C. 20210 July 31, 2015 MEMORANDUM FOR: DAWN M. LEAF Chief Information Officer FROM: ELLIOT P. LEWIS Assistant Inspector General for Audit

More information

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined

More information

NASA S PROCESS FOR ACQUIRING INFORMATION TECHNOLOGY SECURITY ASSESSMENT AND MONITORING TOOLS

NASA S PROCESS FOR ACQUIRING INFORMATION TECHNOLOGY SECURITY ASSESSMENT AND MONITORING TOOLS MARCH 18, 2013 AUDIT REPORT OFFICE OF AUDITS NASA S PROCESS FOR ACQUIRING INFORMATION TECHNOLOGY SECURITY ASSESSMENT AND MONITORING TOOLS OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

More information

AUDIT REPORT. The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

AUDIT REPORT. The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

More information

In Brief. Smithsonian Institution Office of the Inspector General

In Brief. Smithsonian Institution Office of the Inspector General In Brief Smithsonian Institution Office of the Inspector General Smithsonian Institution Network Infrastructure (SINet) Report Number A-09-01, September 30, 2009 Why We Did This Audit Under the Federal

More information

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2

More information

Briefing Report: Improvements Needed in EPA s Information Security Program

Briefing Report: Improvements Needed in EPA s Information Security Program U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Briefing Report: Improvements Needed in EPA s Information Security Program Report No. 13-P-0257 May 13, 2013 Scan this mobile code to learn

More information

SMITHSONIAN INSTITUTION

SMITHSONIAN INSTITUTION SMITHSONIAN INSTITUTION FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA) 2012 INDEPENDENT EVALUATION REPORT TABLE OF CONTENTS PURPOSE 1 BACKGROUND 1 OBJECTIVES, SCOPE, AND METHODOLOGY 2 SUMMARY OF RESULTS

More information

Section 37.1 Purpose... 1. Section 37.2 Background... 3. Section 37.3 Scope and Applicability... 4. Section 37.4 Policy... 5

Section 37.1 Purpose... 1. Section 37.2 Background... 3. Section 37.3 Scope and Applicability... 4. Section 37.4 Policy... 5 CIOP CHAPTER 37 Departmental Cybersecurity Policy TABLE OF CONTENTS Section 37.1 Purpose... 1 Section 37.2 Background... 3 Section 37.3 Scope and Applicability... 4 Section 37.4 Policy... 5 Section 37.5

More information

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY

More information

Cybersecurity Risk Management Activities Instructions Fiscal Year 2015

Cybersecurity Risk Management Activities Instructions Fiscal Year 2015 Cybersecurity Risk Management Activities Instructions Fiscal Year 2015 An effective risk management program and compliance with the Federal Information Security Management Act (FISMA) requires the U.S.

More information

FEDERAL INFORMATION SECURITY

FEDERAL INFORMATION SECURITY United States Government Accountability Office Report to Congressional Committees September 2015 FEDERAL INFORMATION SECURITY Agencies Need to Correct Weaknesses and Fully Implement Security Programs GAO-15-714

More information

STATEMENT BY JOHNNIE E. FRAZIER INSPECTOR GENERAL U.S. DEPARTMENT OF COMMERCE

STATEMENT BY JOHNNIE E. FRAZIER INSPECTOR GENERAL U.S. DEPARTMENT OF COMMERCE STATEMENT BY JOHNNIE E. FRAZIER INSPECTOR GENERAL U.S. DEPARTMENT OF COMMERCE BEFORE THE COMMITTEE ON GOVERNMENT REFORM SUBCOMMITTEE ON TECHNOLOGY, INFORMATION POLICY, INTERGOVERNMENTAL RELATIONS AND THE

More information

OFFICE OF INSPECTOR GENERAL

OFFICE OF INSPECTOR GENERAL OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Evaluation of U.S. Chemical Safety and Hazard Investigation Board s Compliance with the Federal Information Security Management

More information